CVE-2025-14174

Warnung

Medienbericht

EPSS 0.17%
Veröffentlicht 12.12.2025 19:20:41
Zuletzt bearbeitet 15.12.2025 15:16:08
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Betroffene Produkte Warnungen 1 Metriken 2 CWE 2 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version >= 143.0.7499.41 < 143.0.7499.110

Apple ≫ macOS Version-

Google ≫ Chrome Version >= 143.0.7499.40 < 143.0.7499.109

Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version-

Google ≫ Chrome Version <= 143.0.7499.40

Apple ≫ Safari Version < 26.2

Apple ≫ iPadOS Version < 18.7.3

Apple ≫ iPadOS Version >= 26.0 < 26.2

Apple ≫ iPhone OS Version < 18.7.3

Apple ≫ iPhone OS Version >= 26.0 < 26.2

Apple ≫ macOS Version < 26.2

Apple ≫ tvOS Version < 26.2

Apple ≫ visionOS Version < 26.2

Apple ≫ watchOS Version < 26.2

Microsoft ≫ Edge Chromium Version < 143.0.3650.80

12.12.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium Out of Bounds Memory Access Vulnerability

Schwachstelle

Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.384

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.heise.de/news/Updaten-Warnung-vor-Angriffen-auf-Apple-Luecken-und-Gladinet-11116020.html

Medienbericht

heise Security

16.12.2025 09:02

https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html

Release Notes

https://issues.chromium.org/issues/466192044

Permissions Required

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security

Third Party Advisory